CVE-2024-43611

Heap-based Buffer Overflow (CWE-122)

Published: Oct 8, 2024

CVSS 8.8 / EPSS 0.07% / High

Summary

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This is a severe vulnerability with a CVSS base score of 8.8. It affects the Windows Routing and Remote Access Service and allows for remote code execution. The vulnerability has low attack complexity, requires low privileges, and no user interaction.

Impact

This vulnerability could allow an attacker to execute arbitrary code on the target system with high impact on confidentiality, integrity, and availability. Given the nature of RRAS, which is typically used for network routing and remote access, a successful exploit could potentially lead to unauthorized access to the network, data theft, or disruption of network services. The attacker could gain the ability to view, change, or delete data, create new accounts with full user rights, or install programs.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability on October 8, 2024.

Mitigation

1. Apply the official patch released by Microsoft as soon as possible.
2. If immediate patching is not possible, consider temporarily disabling RRAS if it's not critical for operations.
3. Implement network segmentation to limit the potential impact of an exploit.
4. Monitor RRAS-related traffic and logs for any suspicious activities.
5. Ensure that only necessary accounts have access to RRAS, and use the principle of least privilege.
6. Keep all Windows systems and software up to date with the latest security patches.
7. Use firewalls and intrusion detection/prevention systems to monitor and block potential exploit attempts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 8.8 has been assigned.

Oct 8, 2024 at 5:40 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43611.

Oct 8, 2024 at 5:46 PM / CVE | THREATINT - NEW.RSS
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 8, 2024 at 5:48 PM
Threat Intelligence Report

CVE-2024-43611 is a critical Remote Code Execution vulnerability in Windows Routing and Remote Access Service (RRAS) with a CVSSv3 score of 8.8, categorized as “Exploitation Less Likely” by Microsoft. It can be exploited by an unauthenticated attacker through specially crafted protocol messages, potentially leading to RCE on vulnerable servers. There are no specific details provided regarding proof-of-concept exploits, mitigations, detections, or patches, nor any downstream impacts on third-party vendors or technology.

Oct 8, 2024 at 6:13 PM
CVE Assignment

NVD published the first details for CVE-2024-43611

Oct 8, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208305)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208298)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208294)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208289)

Oct 9, 2024 at 1:15 AM

Affected Systems

Microsoft/windows_server_2012

Patches

Microsoft

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-92: Forced Integer Overflow

References

Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.

News

CVE-2024-43611 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43611 can be exploited with network access, and requires a small amount of user privileges. The potential impact of an exploit of this vulnerability is considered to be very high.
Patch Tuesday October 2024 - Five Zero Days
Besides these zero days we have five CVEs rated critical: These mainly affect Windows OSes as well as MS Configuration Manager and some one-offs for Dynamics and the GroupMe app. CVE-2024-43572 is a remote code execution vulnerability with a rating of important.
CVE Alert: CVE-2024-43611 - https://www.redpacketsecurity.com/cve_alert_cve-2024-43611/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_43611

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
